Static task
static1
General
-
Target
9b90d0df9e2128c8ed0c4cf4c6047d9c7efaa4e5054eaae15fa914c4271d96c4
-
Size
62KB
-
MD5
5ce8fd2763f4172bafd7683b3c0ce1a0
-
SHA1
fb0f8e8ab013b82b339f1e8b1e94c366c624da62
-
SHA256
9b90d0df9e2128c8ed0c4cf4c6047d9c7efaa4e5054eaae15fa914c4271d96c4
-
SHA512
a78e5213c3ab4ddade8360029d9c91225e21e8b7ba77218e7a53bb7fa6f30e54f145dfe68332cdf47102e48673cc19ce3f7ad787f74ce449ca85546ed04dc1c2
-
SSDEEP
1536:BxEmLS4R2PSalYQH7YDYM/xTU6WY2stVxg5SaoM:HR2PSqbYD1pjRtuBo
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 9b90d0df9e2128c8ed0c4cf4c6047d9c7efaa4e5054eaae15fa914c4271d96c4
Files
-
9b90d0df9e2128c8ed0c4cf4c6047d9c7efaa4e5054eaae15fa914c4271d96c4.sys windows:6 windows x64 arch:x64
fbc1bd3f86c6e875ecf77458d56ddc40
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
wdfldr.sys
WdfVersionUnbind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
ntoskrnl.exe
RtlInitUnicodeString
ExAllocatePool
ExFreePoolWithTag
ExInitializeResourceLite
ExDeleteResourceLite
MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdlEx
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwAllocateVirtualMemory
_vsnwprintf
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
_local_unwind
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
wcsncpy
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlCopyUnicodeString
DbgPrintEx
KeBugCheckEx
Sections
.text Size: 46KB - Virtual size: 46KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 56B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ